Website Compromised? Here Are Some Steps You Must Follow.

Arpan Sinha | Cyber Security

Crores of websites in India were hacked and taken down last year. Lakhs of websites are blacklisted by search engines every week. Thousands of them get permanently banned. You must have come across the warning: “This site may harm your computer.” This is what happens when a site gets blacklisted, and it reduces the number of visits to the site. You must therefore take the following steps in the event of a breach.

 

Verify the Compromise: It may seem obvious, but just visiting a site can’t always tell you whether it has been breached. Moreover, if you feel it’s infected, do not go looking for the malware yourself, as doing so may expose your PC.

If you feel it’s been breached, use either Google Search Console or a website malware scanner that accesses the site’s files over FTP, so that the source code can also be scanned. Also ask your hosting provider for help in verifying the compromise.

Take Down the Site and Change Passwords: After verifying that the site is infected, take it down as soon as possible. This limits further harm to the site and reduces the risk of exposing sensitive information about its users. Also assume that all your passwords have been compromised and change all of them.

Assess and Decide on a Fix: Here are a few options you can choose from:

  • Hosting providers generally scan for and remove malware for a trivial charge. Ask them for help.
  • There are various malware removal tools available online which can be bought and used for this purpose. The makers of these tools also provide experts who can guide you through the process.
  • If you have a backup of your site available, restore it. This is the best and cheapest way to recover your site.
  • Lastly, you can attempt to remove the malware yourself. There are plenty of videos online which will guide you through the process.
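Before restoring, a known-good backup can also show exactly which files on the site changed. The following is an added example, not part of the original article: it hashes every file in a backup and in a downloaded copy of the live site and reports what was added, modified or removed. The function names and the sample files are hypothetical and constructed for illustration; it assumes the backup predates the compromise.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():  # skip symlinks
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_to_backup(backup: Path, live: Path) -> dict[str, list[str]]:
    """Report files added to, modified in, or missing from the live copy."""
    good, current = hash_tree(backup), hash_tree(live)
    return {
        "added": sorted(set(current) - set(good)),
        "modified": sorted(p for p in good.keys() & current.keys()
                           if good[p] != current[p]),
        "missing": sorted(set(good) - set(current)),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: a tiny clean backup and a tampered live copy."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            (root / "css").mkdir(parents=True)
            (root / "index.php").write_text("<?php echo 'Welcome'; ?>\n")
            (root / "contact.php").write_text("<?php echo 'Contact'; ?>\n")
            (root / "css" / "site.css").write_text("body { margin: 0; }\n")
        # Constructed tampering: one file altered, one added, one removed.
        (live / "index.php").write_text(
            "<?php echo 'Welcome'; ?>\n<!-- unexpected appended markup -->\n")
        (live / "css" / "cache.php").write_text("<?php /* not in backup */ ?>\n")
        (live / "contact.php").unlink()
        return compare_to_backup(backup, live)


if __name__ == "__main__":
    for status, paths in demo().items():
        for p in paths:
            print(f"{status:9} {p}")
```

A file that differs from the backup is not necessarily malicious, since legitimate updates change files too, but these are the files to review first.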

Scan Your PC: After you’ve successfully restored your website, you’ll have to permanently remove all the potential sources of infection. The first thing you should do in this respect is to scan your PC and remove anything left on it. Use a good antivirus to do this, and to prevent any malware from getting onto your PC, follow our previous posts.

Upgrade Website Software: Another potential source is outdated software. Vulnerable software is at greater risk of being compromised than updated software. If you’re using a CMS, its developers regularly release patches and updates; never skip one. The operating system on the server must also be updated regularly.

Change Passwords and Encryption Keys: Once you’re confident that the site is secure again, change all the passwords and keys. Weak passwords are a treat for hackers, so set stronger, unique passwords. Stolen encryption keys can expose all communication between the site and its clients, so change them too.

Get Your Site Delisted: If the site is still on a blacklist, request a review. After the search engine reviews it, it’ll remove the warnings that appear before the site opens. This generally happens within 24 hours. To request a review with Google, click here and for Bing, click here.

Prevent This From Happening Again: Preventing such incidents in the future is the most difficult part, but practicing the following steps regularly will help prevent them.

  • Scan regularly for vulnerabilities
  • Update software as soon as an update is available
  • Subscribe to a WAF (Web Application Firewall) service
  • Change passwords regularly
  • Back-up the site regularly